ci: add install mission validation test (KubeStellar Console)#109
Open
clubanderson wants to merge 1 commit into
Open
ci: add install mission validation test (KubeStellar Console)#109clubanderson wants to merge 1 commit into
clubanderson wants to merge 1 commit into
Conversation
Add a GitHub Actions workflow that validates the documented Confidential Containers install mission steps work end-to-end. The workflow: - Spins up a kind cluster - Installs the chart from the OCI registry - Waits for pods to reach Running state - Validates the Helm release is deployed - Cleans up all resources Runs on push to main (chart file changes), weekly schedule, and manual dispatch. Ref: confidential-containers/confidential-containers#354 Signed-off-by: Andrew Anderson <andy@clubanderson.com>
fidencio
force-pushed
the
ci/kubestellar-install-mission-test
branch
from
April 29, 2026 08:47
2c46914 to
59f5fe0
Compare
fidencio
requested changes
May 6, 2026
fidencio
left a comment
Member
There was a problem hiding this comment.
@clubanderson, sorry for the time it took me to get to this one, I've been busy.
Basically we need some changes in order to make sure the tests can be accept and tests at least that the deployed content works.
| # 1. Checkout (needed only for workflow file itself) | ||
| # ------------------------------------------------------------------ | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 |
Member
There was a problem hiding this comment.
We need to update checkout here, it's very old.
| # 2. Create a kind cluster | ||
| # ------------------------------------------------------------------ | ||
| - name: Create kind cluster | ||
| uses: helm/kind-action@v1 |
Member
There was a problem hiding this comment.
I don't think a kind cluster will work for Kata Containers / Confidential Containers.
| echo "--- Events (last 50) ---" | ||
| kubectl get events -n "${INSTALL_NAMESPACE}" \ | ||
| --sort-by='.lastTimestamp' 2>/dev/null | tail -50 || true | ||
|
|
Member
There was a problem hiding this comment.
Ideally we should start at least one pod using the kata-qemu-coco-dev runtimeClass.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.github/workflows/kubestellar-install-mission-test.yml) that validates the documented Confidential Containers install mission steps work end-to-endoci://ghcr.io/confidential-containers/charts/confidential-containers), waits for pods to be ready, validates the Helm release status, then cleans upworkflow_dispatchMotivation
The KubeStellar Console provides guided install missions for CNCF projects including Confidential Containers. This CI test ensures the install steps remain functional as the chart evolves, catching regressions before users encounter them.
Ref: confidential-containers/confidential-containers#354
What the workflow does
kindest/node:v1.31.6)confidential-containersnamespacehelm installfrom the OCI registry with--waitdeployedTest plan
actionlintvalidationworkflow_dispatchrun completes successfully on the forkif: always())